Hello, I am not able to verify the current session directly after a successfull login via OAuth2 OIDC from my Next js SPA. The /oauth2/auth endpoint redirects with an error:

The Authorization Server requires End-User authentication. Prompt 'none' was requested, but no existing login session was found.

Clearly I am logged in. The request itself includes the following params:

client_id, redirect_uri, response_type, scope, state, code_challenge, code_challenge_method, response_mode, prompt, id_token_hint

Calling the endpoint directly in the browser without

prompt=none

I'll be redirected to the "Two-Factor Authentication"-Screen showing the message:

Please confirm this action by verifying that it is you.

Is there something I am doing wrong? Thanks in advance.

Hi @late-florist-28893 Are you using the Ory Account Experience? What happens when you proceed to "confirm this action"?

I'll be asked for consent (happens every time I try to login even with "remember" checked) and will be redirected to the redirect_uri. But this can't be correct or am I wrong? With this behavior a sso can't work. Prompt 'none' should work as expected because I am logged in to the OP. Omitting id_token_hint in the request has no effect either.

@late-florist-28893 I don't have much knowledge on how this is implemented on our side inside Ory Network, but according to the docs

prompt=none instructs Ory OAuth2 & OpenID Connect to not display the login or consent user interface pages. An error is returned if an End-User isn't already authenticated or the Client doesn't have pre-configured consent for the requested Claims or doesn't fulfill other conditions for processing the request. The error code will typically be login_required, interaction_required, or another code. This can be used as a method to check for existing authentication and/or consent.

I'm not sure if there might be a bug or just no support for this currently in the bundled integration in the Ory Network. I would need to find out about it. I have opened an issue here about it. Could you add more information here? https://github.com/ory/network/issues/194 Helpful information is: • Are you running this locally? • Are you using the CLI • Is this happening in production • Do you have a Custom Domain? • Does it work when you omit

prompt=none

?

Thanks, I commented the issue.